Information communication device, information communication system, and computer program product for transmission control

ABSTRACT

An aspect of the present invention provides an information communication device for transmitting electronic data encrypted for the purpose of copyright protection, the device includes that an identification information managing unit configured to hold device identification information in connection with other information communication devices acquired through a network, an ID registration processing unit configured to register the device identification information of another connection device when the other communication device satisfies a predetermined distance condition or when common identification information that is held by both information communication devices is received from a portable device, and an authentication and key exchange processing unit configured to, for the purpose of copyright protection, complete authentication and key exchange process (AKE process) only when another information communication device whose device identification information is registered in the identification information managing unit.

CROSS REFERENCE TO RELATED APPLICATIONS

This application claims benefit of priority under 35 USC 119 based on Japanese Patent Applications No. P2003-194491 filed on July 9th, 2003, and No. P2003-406359 filed on December 4th, 2003, the entire contents of which are incorporated by reference herein.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an information communication device, information communication system, and transmission control program for sending and receiving electronic data that requires copyright protection between a sending device and a receiving device.

2. Description of Related Art

The number of so-called digital information electric products is increasing and the popularity of these products is expected to spread with the start of digital broadcasting. These products include such items as televisions compatible with digital broadcasting, digital VTRs, DVD players, hard disk recorders, and various other products that handle digital data and digital content.

One of the problems that must be addressed as these products become more widespread is the issue of copyright protection for the content. While digital data is advantageous in that it can be copied without degrading in quality, it has the disadvantage of being easy to copy illicitly.

Consequently, systems compliant with IEEE 1394, i.e., digital networks that connect digital AV (audiovisual) devices together, are provided with functions for authentication, key exchange, and data encryption.

Consider a hypothetical situation in which AV data requiring copyright protection is to be transmitted from a sending device to a receiving device. In such a situation, it is important for the copyright protection to be contrived in such a manner that an individual (or, in a broader interpretation, a family) can enjoy handling the AV data without being hindered by the copyright protection so long as the handling does not involve exchanging the AV data with other parties or the payment of listening/viewing fees or copyright royalties.

DTCP (digital transmission content protection) is a known system for providing copyright protection on networks. DTCP has become a de facto standard copyright protection method for use with IEEE 1394 and USB. With DTCP, authentication and key exchange processing is executed between the sending device and the receiving device with respect to the AV data or other content requiring copyright protection and the AV data is transmitted in an encrypted manner (see http://www.dtcp.com).

Generally, copyright protection in a transmission system involves transmitting AV data using the following processing steps. First, commands for sending and receiving AV data are issued between the sending device and the receiving device. For example, the receiving device issues the playback command (which is one of the AV control commands) to the sending device.

Next, the AV data is encrypted for copyright protection and transmission of the AV data from the sending device to the receiving device commences. Before or after the transmission, authentication and key exchange processing for the copyright protection is executed between the sending device and the receiving device. If the authentication and key exchange processing is successful, it becomes possible for the AV data encryption key to be shared by the sending device and the receiving device or for the sending device and receiving device to calculate an encryption key and the receiving device decrypts and plays back the received encrypted AV data. If the AV data transmission is conducted using an internet protocol (IP), various web applications can be linked and web browsers and other assets can be utilized so that various network configurations can be accommodated.

For this reason, an IP (more specifically, IPv4 or IPv6) is often used as the protocol for transmitting AV data that has been compressed using MPEG or the like. Still more specifically, such protocols as RTP (real time transport protocol) and HTTP (hypertext transport protocol) are used.

However, with an IP, a security problem arises because IP packets can be transmitted regardless of the specific network configuration. Consequently, there are IP technologies, such as VPN (virtual private network), for connecting remote IP networks together logically. When one of these technologies is used, IP packets can be transmitted between a home network of a person X in a district A and a home network of a person Y in a district B (which is physically distant from the district A) over the VPN or the like. In other words, the home network of the person X and the home network of the person Y can be operated as though they are a single home network.

Regarding copyright protection, copying and the like of AV data are allowed within the realm of individual enjoyment but other parties are not allowed to copy the AV data. However, by using one of the technologies just mentioned (e.g., VPN technology), it is possible to make the networks of different individuals appear logically as a single network (that is, it is possible to configure the networks as a single network) and there is the possibility that devices that violate copyright laws will become available.

SUMMARY OF THE INVENTION

An aspect of the present invention provides an information communicationdevice for transmitting electronic data encrypted for the purpose ofcopyright protection, the device includes that an identificationinformation managing unit configured to hold device identificationinformation in connection with other information communication devicesacquired through a network, an ID registration processing unitconfigured to register the device identification information of anothercommunication device when the other communication device satisfies apredetermined distance condition or when common identificationinformation that is held by both information communication devices isreceived from a portable device, and an authentication and key exchangeprocessing unit configured to, for the purpose of copyright protection,complete authentication and key exchange process (AKE process) only whenanother information communication device whose device identificationinformation is registered in the identification information managingunit.

Another aspect of the present invention provides an informationcommunication system for transmitting electronic data encrypted for thepurpose of copyright protection, the system includes that a sendingdevice, and a receiving device configured to receive electronic dataencrypted for the purpose of copyright protection and sent from thesending device, wherein at least one of the sending device and thereceiving device includes that an identification information managingunit configured to hold device identification information regardinganother device acquired through a network, an ID registration processingunit configured to register the device identification information ofanother device when the other device is recognized to be connected to anetwork having a prescribed limited range, and an authentication and keyexchange processing unit configured to complete AKE process only whenanother information communication device whose device identificationinformation is registered in the identification information managingunit.

Furthermore, another aspect of the present invention provides a computerprogram product comprising a computer useable medium having computerprogram logic recorded thereon for enabling a processor to controltransmission of electronic data encrypted for the purpose of copyrightprotection, the computer program product includes that a sendingprocedure that enables the processor to send a request packet to anotherinformation communication device with which communication is to beconducted, a receiving procedure that enables the processor to receive aresponse packet from another information communication device, adetermining procedure that enables the processor to determine if anotherinformation communication device is connected to a network having aprescribed limited range based on the received device ID responsepacket, a registration procedure that enables the processor to registerthe device identification information of another informationcommunication device when it is determined that the other informationcommunication device is connected to a network having a prescribedlimited range, and an authentication and key exchange procedure thatenables the processor to, for the purpose of copyright protection,complete AKE process only when another information communication devicewhose device identification information is registered in theidentification information managing unit.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram showing a receiving device according to an embodiment of the present invention.

FIG. 2 is a block diagram showing an embodiment of the sending device 2.

FIG. 3 shows an example of an ID list.

FIG. 4 is a block diagram showing the internal features of a receiving device 3 in accordance with the embodiment.

FIGS. 5 and 6 are sequence diagrams showing the processing steps for transmitting AV data between the sending device 2 and the receiving device 3 in accordance with the first embodiment.

FIG. 7 is a sequence diagram showing the processing steps for spoofing prevention in accordance with the first embodiment.

FIG. 8 is a sequence diagram showing the processing steps for transmitting AV data in the second embodiment.

FIG. 9 is a block diagram showing an information communication system in accordance with the third embodiment of the present invention.

FIG. 10 is a block diagram showing an example of the sending device 2 a shown in FIG. 9.

FIG. 11 is a block diagram showing an example of the receiving device 3 a.

FIG. 12 shows the data structure of the short-distance ID managing units 43, 53 inside the sending device 2 a and receiving device 3 a.

FIG. 13 is a block diagram showing an example of the internal features of the short-distance wireless device 4 when the short-distance wireless device 4 is an infrared remote control device.

FIG. 14 is a block diagram showing an example of the internal features of the short-distance wireless device 4 when the short-distance wireless device 4 is a wireless tag device.

FIG. 15 is a sequence diagram showing the processing steps for registering a short-distance ID to the sending device 2 a and the receiving device 3 a.

FIG. 16 is a sequence diagram of the authentication and key exchange processing and the send processing for registration of the short-distance ID.

FIG. 17 is a sequence diagram showing the processing steps for transmitting AV data between the sending device 2 a and the receiving device 3 a.

FIG. 18 is a sequence diagram showing the processing steps for a case in which the short-distance ID (=AA) sent from the receiving device 3 a in the previously described step S91 is not registered in the short-distance ID managing unit 43 of the sending device 2 a.

FIG. 19 is a sequence diagram showing another example of the processing steps for transmitting AV data between the sending device 2 a and the receiving device 3 a.

FIG. 20 is a block diagram showing an information communication system in accordance with the fourth embodiment of the present invention.

FIG. 21 is a block diagram showing an example of the internal features of the sending device 2 b indicated in FIG. 20.

FIG. 22 is a block diagram showing an example of the internal features of the receiving device 3 b shown in FIG. 20.

FIG. 23 is a block diagram showing an example of the internal features of an IC card.

FIG. 24 is a block diagram showing an information communication system in accordance with the fifth embodiment of the present invention.

FIG. 25 is a block diagram showing an example of the internal features of the receiving device 3 c indicated in FIG. 24.

FIG. 26 is a block diagram showing an example of the internal features of a B-CAS card 6.

DETAILED DESCRIPTION OF THE EMBODIMENTS

Various embodiments of the present invention will be described with reference to the accompanying drawings. It is to be noted that the same or similar reference numerals are applied to the same or similar parts and elements throughout the drawings, and the description of the same or similar parts and elements will be omitted or simplified.

FIG. 1 is a block diagram of an information communication system in accordance with a first embodiment of the present invention. The information communication system shown in FIG. 1 is intended for sending and receiving chiefly AV data within the residence of an individual and is provided with a sending device 2 and a receiving device 3 connected to a home network 1.

The home network 1 can be any of a variety of network configurations, such as a wireless LAN compliant with IEEE 802.11, an Ethernet (registered trademark), or an IEEE 1394 network. It is acceptable for other devices to be connected to the home network 1 in addition to the sending device 2 and the receiving device 3, but such devices are omitted here for the purpose of simplification. When an internet protocol (IP) is used on the home network 1, either IPv4 or IPv6 is acceptable.

The AV data exchanged between the sending device 2 and receiving device 3 requires copyright protection and is transmitted in a state in which appropriate copyright protection has been applied. In this embodiment, it will be assumed that DTCP is used as the method of achieving copyright protection on the network, but it is also acceptable to use a copyright protection arrangement other than DTCP. See http://www.dtcp.com for more information regarding DTCP.

In this embodiment, a registration procedure is established in advance between the sending device 2 and the receiving device 3 whereby the sending device 2 and receiving device 3 are both registered to each other or only one is registered to the other. Devices that have not completed the registration procedure are not allowed to transmit AV data to each other, decrypt encrypted AV data, or complete the authentication and key exchange processing.

More specifically, the transmission time is generally longer when packets are transmitted between different home networks 1 and a router network (public internet) is typically used when different home networks 1 are connected together. In this embodiment, the information communication device takes advantage of these characteristics and ends the registration if the exchange of the registration packets is not completed within a prescribed amount of time. The packets used for registration can be data link layer frames and physical layer frames. These frames include, for example, Ethernet (registered trademark) packets and wireless layer packets. Since these frames are not routed by the router, the exchange of these frames can be limited to devices that can communicate within a prescribed LAN.

FIG. 2 is a block diagram showing an embodiment of the sending device 2. The sending device 2 shown in FIG. 2 is provided with the following: a network interface unit 11; a communication processing unit 12 configured to execute communication processing; a DTCP device ID recording unit 13 configured to record the DTCP device ID of the sending device 2; an ID managing unit 14 configured to register the device IDs of other communication devices inside the same residence acquired through the network; an ID registration processing unit 15 configured to control the registration of device IDs in the ID management unit 14; a measuring unit 16 configured to measure the time required for the device IDs to be reported from the other communication devices; an authentication and key exchange processing unit 17 configured to execute DTCP authentication and key exchange processing in order to accomplish copyright protection; an encryption processing unit 18 configured to encrypt data that will be sent; a packet processing unit 19 configured to convert the AV data and the DTCP management data to be sent to the receiving device 3 into communication packets; and a content supply unit 20 configured to store AV data. After the ID registration processing unit 15 requests another communication device inside the residence to send its device ID, the measuring unit 16 measures the time until there is a response providing the device ID. It is also acceptable that the measuring unit 17 measures time of other packet communications than that of device ID between the sending device 2 and the other communication device. If the response occurs within a prescribed amount of time, the ID registration processing unit 15 registers the device ID in the ID managing unit 14.

The ID managing unit 14 holds a list of registered device IDs (hereinafter called the “ID list”) and, when the ID registration processing unit 15 issues a request to register a device ID, the ID managing unit 14 adds the device ID to the ID list so long as the device ID has not already been registered to the ID list.

In this embodiment, the measuring device 16 measures the distance between the sending device 2 and the other communication device within the network by measuring time. However, the invention is not limited to this method and it is also acceptable to measure the physical distance using a GPS or the like. In the case of a wireless arrangement, it is also acceptable to measure the distance based on the strength of the wireless signal. When an optical communication medium is used, it is acceptable to measure the distance based on the intensity of the light.

FIG. 3 shows an example of an ID list. The ID list registers the DTCP device ID of each of the other communication devices as a mandatory item and registers such optional items as the following: the RTT (round trip time), a unique ID (e.g., MAC address), and date and time of last use (date and time of the last communication with the other communication device).

Up to N (where N is a prescribed integer) device IDs can be registered in the ID list. When there is a request to register a new device ID and N device IDs have already been registered, it is acceptable to handle the request by either denying the registration of the new device ID or deleting a previously registered device ID so that the new device ID can be registered. In the latter case, any of the following arrangements is acceptable: delete the device ID of the registered communication device with which communication has not been conducted for the longest period of time; delete the device ID that was registered the longest ago, as in the case of the FIFO format; or allow the user to delete an arbitrary device ID by means of some kind of user interface. In this way, the number of device ID entries in the ID list can be limited as mentioned above.
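The ID list of FIG. 3 and the full-list handling described above can be sketched as follows. This is an added example, not code from the patent: the class name `IDList`, the policy names, and the use of a monotonically increasing counter in place of the real date and time of last use are assumptions made so the example runs deterministically.

```python
import itertools
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Entry:
    device_id: str                   # mandatory item: DTCP device ID
    registered_seq: int              # stand-in for the registration time
    last_used_seq: int               # stand-in for "date and time of last use"
    rtt_ms: Optional[float] = None   # optional item: measured RTT
    unique_id: Optional[str] = None  # optional item, e.g. MAC address


class IDList:
    """ID list holding at most N device IDs (hypothetical names throughout)."""

    POLICIES = ("deny", "evict_least_recently_used", "evict_fifo")

    def __init__(self, capacity: int, policy: str = "deny"):
        if capacity < 1 or policy not in self.POLICIES:
            raise ValueError("invalid capacity or policy")
        self.capacity, self.policy = capacity, policy
        self._entries = {}
        self._tick = itertools.count(1)

    def __contains__(self, device_id: str) -> bool:
        return device_id in self._entries

    def __len__(self) -> int:
        return len(self._entries)

    def register(self, device_id, rtt_ms=None, unique_id=None) -> Tuple[bool, Optional[str]]:
        """Return (registered, evicted_device_id)."""
        if device_id in self._entries:
            return True, None        # already registered: nothing is added
        evicted = None
        if len(self._entries) >= self.capacity:
            if self.policy == "deny":
                return False, None   # first option: refuse the new device ID
            if self.policy == "evict_least_recently_used":
                key = lambda e: e.last_used_seq    # longest without communication
            else:
                key = lambda e: e.registered_seq   # registered the longest ago
            victim = min(self._entries.values(), key=key)
            del self._entries[victim.device_id]
            evicted = victim.device_id
        seq = next(self._tick)
        self._entries[device_id] = Entry(device_id, seq, seq, rtt_ms, unique_id)
        return True, evicted

    def touch(self, device_id: str) -> None:
        """Record a communication with a registered device (updates last use)."""
        self._entries[device_id].last_used_seq = next(self._tick)

    def remove(self, device_id: str) -> bool:
        """Third option: deletion requested by the user through some interface."""
        return self._entries.pop(device_id, None) is not None


def fill_then_add(policy: str) -> Tuple[bool, Optional[str]]:
    """Register a and b (N = 2), communicate with a, then try to add c."""
    ids = IDList(capacity=2, policy=policy)
    ids.register("a", rtt_ms=0.4, unique_id="02:00:00:00:00:0a")  # constructed values
    ids.register("b", rtt_ms=0.6, unique_id="02:00:00:00:00:0b")
    ids.touch("a")
    return ids.register("c")


if __name__ == "__main__":
    for p in IDList.POLICIES:
        print(p, fill_then_add(p))
```

With the same history, the two eviction policies remove different devices, so the choice determines which previously registered device loses the ability to complete authentication and key exchange.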

In this embodiment, the DTCP device ID is an identification number for the DTCP device. It is preferable that every DTCP device in the entire world have a unique ID. It is also acceptable for the DTCP device ID to be an ID embedded in a certificate (called a “device certificate”) that proves the device is a properly licensed device. The device certificate includes digital signatures and the like that can be verified to confirm that the device certificate is correct.

FIG. 4 is a block diagram showing the internal features of a receiving device 3 in accordance with this embodiment. The receiving device 3 shown in FIG. 4 is provided with the following: a network interface unit 21; a communication processing unit 22 configured to execute communication processing; a DTCP device ID recording unit 23 configured to record the DTCP device ID of the receiving device 3; an ID managing unit 24 configured to register the device IDs of other communication devices inside the same residence acquired through the network; an ID registration processing unit 25 configured to control the registration of device IDs in the ID management unit 24; a measuring unit 26 configured to measure the time required for the device IDs to be reported from the other communication devices; an authentication and key exchange processing unit 27 configured to execute DTCP authentication and key exchange processing in order to accomplish copyright protection; an encryption processing unit 28 configured to decrypt data that has been received; a packet processing unit 29 configured to convert the received signal into AV data; and a content supply unit 30 configured to store AV data.

FIGS. 5 and 6 are sequence diagrams showing the processing steps for transmitting AV data between the sending device 2 and the receiving device 3 in the first embodiment. The sequence diagrams shown in FIGS. 5 and 6 start when the users of the sending device 2 and the receiving device 3 press a register button or click a register icon (steps S11 and S12).

It is also acceptable to start the processing of FIG. 5 when a starting action is performed at only one or the other of the sending device 2 and the receiving device 3. Still another option is to set the sending device 2 and the receiving device 3 to registration mode and start the processing of FIG. 5 automatically when the power to said devices is turned on.

In any case, registration processing is executed between two devices each of whose registration button was pressed or between a communication device whose registration button was pressed and another communication device (normally a communication device whose power is on).

It is also acceptable to configure the system such that registration processing starts without obtaining an instruction to start registration from a user.

Although FIG. 5 illustrates a case in which registration is performed between two devices, i.e., the sending device 2 and the receiving device 3, it is also acceptable to register three or more devices simultaneously.

When the registration processing starts, the sending device 2 starts measuring time (timer ON) using the measuring unit (step S13) and sends a device ID send request packet to the receiving device 3 for the purpose of registering the device ID in the ID list (step S14). The packet can be sent using Ethernet (registered trademark) frames or wireless layer frames (data link layer frames or physical layer frames). The device ID send request packet includes a time stamp and a random number selected by the sending device 2. It is acceptable for the sending device 2 to broadcast the device ID send request packet over the network. In such a case, the Ethernet (registered trademark) broadcast address is used as the destination Ethernet (registered trademark) address.

The receiving device 3 receives the device ID send request packet and sends a device ID response packet to the sending device 2 (step S15). The device ID response packet, too, is sent using Ethernet (registered trademark) frames or wireless layer frames. It is acceptable for the receiving device 3 to include in the device ID response packet the same random number and time stamp as was included in the device ID send request packet from the sending device 2. In this way, the sending device 2 can know which request packet the response corresponds to and it is easier for the measuring unit 16 to measure the time.

It is also acceptable to configure the system such that the receiving device 3 sends a device ID send request packet to the sending device 2 and, after receiving the packet, the sending device 2 sends a device ID response packet to the receiving device 3. In this case, the time required for the packet response is measured by the receiving device 3. In case that the receiving device 3 measures the packet response, it is acceptable that the receiving device 3 sends a result of the measured time of the packet response to the sending device 2.

If the device ID response packet is received within a prescribed amount of time T, the ID registration processing unit 15 inside the sending device 2 registers the device ID of the receiving device 3 in the ID managing unit 24. If the device ID response packet is not received within the prescribed amount of time T, the registration is determined to have failed and the device ID is not registered in the ID managing unit 24 (step S16).

It is acceptable that the time measurement is conducted only once, and it is also acceptable that the time measurement is retried for prescribed times until the device ID response packet is received within a prescribed amount of time.

If the device ID registration fails, it is necessary to inform the user that it is necessary to perform the device ID registration over an identical link network but with a shorter distance between devices. Therefore the user is urged to try such actions as the following: perform the registration with the sending device 2 and the receiving device 3 plugged into the same Ethernet (registered trademark) switch; perform the registration with the sending device 2 and the receiving device 3 connected directly to the Ethernet (registered trademark) cable; temporarily reduce the traffic on the network (by, for example, stopping transmissions of AV data between other communication devices); stop other applications running on the sending device 2 or receiving device 3 in order to reduce the processing load.

After the processing of step S16 is completed, the receiving device 3 starts measuring time with the measuring unit 26 (step S17) and sends a device ID send request packet to the sending device 2 (step S18). The sending device 2 receives the request and sends a device ID response packet (step S19).

If the receiving device 3 receives the device ID response packet from the sending device 2 within a prescribed amount of time T, the receiving device 3 registers the device ID of the sending device 2 in the ID managing unit. If the device ID response packet is not received within the prescribed amount of time T, the device ID of the sending device 2 is not registered (step S20).

It is acceptable that the time measurement is conducted only once, and it is also acceptable that the time measurement is retried for prescribed times until the device ID response packet is received within a prescribed amount of time.

It is also acceptable to accomplish this time measurement using packets other than the device ID registration request and response packets. It is also acceptable to accomplish the time measurement using IP packets. But not limited to this, other packets can be used in this embodiment.

After completing the procedure just described, the sending device 2 and the receiving device 3 end registration mode (steps S21 and S22) and execute authentication and key exchange processing (steps S23 to S29 of FIG. 6).

First, the receiving device 3 uses an IP packet to send a request for authentication and key exchange to the sending device 2 (step S23). The receiving device 3 includes its own device ID in the IP packet.

The sending device 2 receives the IP packet from the receiving device 3 and checks if the device ID of the receiving device 3 is registered in the ID managing unit 14 (step S24). If the device ID is registered, the sending device 2 uses an IP packet to send a request for authentication and key exchange to the receiving device 3 (step S25). The sending device 2 includes its own device ID in the IP packet. For example, the measurement can be achieved using key exchange or random number request and response packets. Another example is that the measurement can be done using Ethernet frames instead of IP packets.

The receiving device 3 receives the IP packet from the sending device 2 and checks if the device ID of the sending device 2 is registered in the ID managing unit 24 (step S26). If the device ID is registered, authentication and key exchange is executed between the sending device 2 and the receiving device 3 (step S27).

If the authentication and key exchange succeeds, the sending device 2 and the receiving device 3 will share a content encryption key (steps S28 and S29) and the sending device will encrypt the content (step S30).

In this embodiment, the RTT measurement is carried out at the beginning part of the processing of the AKE (authentication and key exchange) protocol. It is also acceptable for the RTT measurement to be carried out before the processing of the AKE protocol, during the processing of the AKE protocol, or at the ending part of the processing of the AKE protocol.

Next, the sending device 2 transmits the encrypted AV data using RTP or HTTP (step S31). The receiving device 3 receives the AV data and decrypts the content (step S32).

When either one of the devices, i.e., the sending device 2 or the receiving device 3, has already completed the device ID registration procedure, the steps S13 to S16 or the steps S17 to S20 of FIG. 5 can be omitted.

It is also acceptable to conduct the request for device ID registration and the response thereto at the authentication and key exchange processing stage of step S25.

It is also acceptable to provide a procedure for protecting against spoofing (man in the middle attack) when the device ID registration request and registration response are executed. In such a case, processing such as that shown in FIG. 7 is executed instead of the steps S14 to S16 of FIG. 5.

First, the sending device 2 sends a random number send packet to the receiving device 3 using Ethernet (registered trademark) frames or wireless layer frames (step S41). The random number send packet contains a random number r generated by the sending device 2.

The receiving device 3 receives the random number send packet and calculates a signature using the random number and its own device ID (step S42). The receiving device 3 sends a random number received notification to the sending device 2 using Ethernet (registered trademark) frames or wireless layer frames (step S43).

After receiving the notification, the sending device 2 starts measuring time using the measuring unit (step S44) and sends a device ID request packet to the receiving device 3 using Ethernet (registered trademark) frames or wireless layer frames (step S45). This packet contains the aforementioned random number r.

After receiving the packet, the receiving device 3 sends a device ID response packet containing the random number r and its own device ID and signature to the sending device 2 (step S46).

The sending device 2 determines if the amount of time from when it sent the device ID request packet until when it received the device ID response packet is within a prescribed amount of time T. If the time is within the prescribed amount of time T, the device ID=b of the receiving device 3 is registered in the ID managing unit. If the response is not received within the prescribed amount of time T, the device ID is not registered to the ID managing unit (step S47).

Thus, in the first embodiment, the other communication device (receiving device 3 or sending device 2) is only registered if the response is received within a prescribed amount of time after the device ID registration request is issued. As a result, it is possible to restrict the transmission of AV data to communication devices that are within a limited area and the AV data can be copyright-protected using simple processing.
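The FIG. 7 exchange (steps S41 to S47) and the registration check of step S24 can be simulated as below. This is an added example, not code from the patent: the class names, the 5 ms value of T, the simulated clock and link delays, and the use of HMAC-SHA256 with a per-device key as a stand-in for the device signature are all assumptions. The sender also verifies the echoed random number and the signature before registering, which the text implies but does not spell out.

```python
import hashlib
import hmac
import secrets

T_LIMIT_MS = 5.0  # constructed value for the "prescribed amount of time T"


def sign(key: bytes, r: bytes, device_id: str) -> bytes:
    """Stand-in for the S42 signature over the random number and device ID."""
    return hmac.new(key, r + device_id.encode(), hashlib.sha256).digest()


class FakeClock:
    """Simulated millisecond clock so the example is deterministic and offline."""
    def __init__(self):
        self.now_ms = 0.0

    def advance(self, ms: float) -> None:
        self.now_ms += ms


class Receiver:
    def __init__(self, device_id: str, key: bytes):
        self.device_id, self._key = device_id, key
        self._r = self._sig = None

    def on_random_number(self, r: bytes) -> str:      # S42, S43
        # The signature is computed here, before the timed exchange starts,
        # so signing cost is not part of the measured interval.
        self._r, self._sig = r, sign(self._key, r, self.device_id)
        return "received"

    def on_device_id_request(self, r: bytes):         # S46
        if r != self._r:
            return None
        return {"r": r, "device_id": self.device_id, "signature": self._sig}


class Link:
    """Path between the devices with a fixed one-way delay (constructed)."""
    def __init__(self, clock, receiver, one_way_ms: float):
        self.clock, self.receiver, self.one_way_ms = clock, receiver, one_way_ms

    def deliver_random(self, r):                      # S41 out, S43 back
        self.clock.advance(2 * self.one_way_ms)
        return self.receiver.on_random_number(r)

    def request_device_id(self, r):                   # S45 out, S46 back
        self.clock.advance(self.one_way_ms)
        resp = self.receiver.on_device_id_request(r)
        self.clock.advance(self.one_way_ms)
        return resp


class Sender:
    def __init__(self, clock, verify_keys, limit_ms: float = T_LIMIT_MS):
        self.clock, self.verify_keys, self.limit_ms = clock, verify_keys, limit_ms
        self.registered = set()                       # ID managing unit

    def register(self, link: Link) -> str:
        r = secrets.token_bytes(16)                   # S41: random number r
        if link.deliver_random(r) != "received":
            return "no-ack"
        start = self.clock.now_ms                     # S44: timer ON
        resp = link.request_device_id(r)              # S45, S46
        rtt = self.clock.now_ms - start
        if resp is None or resp["r"] != r:
            return "nonce-mismatch"
        key = self.verify_keys.get(resp["device_id"])
        expected = sign(key, r, resp["device_id"]) if key else b""
        if not hmac.compare_digest(expected, resp["signature"]):
            return "bad-signature"
        if rtt > self.limit_ms:                       # S47: outside T
            return "too-slow"
        self.registered.add(resp["device_id"])
        return "registered"

    def accepts_ake_request(self, device_id: str) -> bool:   # S24
        return device_id in self.registered


def demo() -> dict:
    clock, key_b = FakeClock(), secrets.token_bytes(32)
    sender = Sender(clock, {"b": key_b})
    out = {}
    # Same device reached over a long path, e.g. two LANs bridged logically.
    out["remote"] = sender.register(Link(clock, Receiver("b", key_b), 20.0))
    out["ake_before"] = sender.accepts_ake_request("b")
    # Nearby device claiming ID b without holding b's key.
    out["forged"] = sender.register(Link(clock, Receiver("b", secrets.token_bytes(32)), 0.3))
    out["local"] = sender.register(Link(clock, Receiver("b", key_b), 0.3))
    out["ake_after"] = sender.accepts_ake_request("b")
    return out


if __name__ == "__main__":
    print(demo())
```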

(Second Embodiment)

The second embodiment is configured such that after the receiving device 3 has issued a request for authentication and key exchange to the sending device 2, the sending device 2 sends a device ID request packet to the receiving device 3.

The constituent features of the sending device 2 and the receiving device 3 of the second embodiment are the same as those shown in FIG. 2 and FIG. 4 and descriptions thereof are therefore omitted.

FIG. 8 is a sequence diagram showing the processing steps for transmitting AV data in the second embodiment. First, the receiving device 3 issues a request for authentication and key exchange to the sending device 2 (step S51). The sending device 2 confirms that the receiving device 3 from which the request for authentication and key exchange was issued is not already registered in the ID managing unit (step S52), starts measuring time with the measuring unit (step S53), and sends a device ID request packet to the receiving device 3 using Ethernet (registered trademark) frames or wireless layer frames (step S54).

The receiving device 3 responds to the packet by sending a device ID response packet to the sending device 2 using Ethernet (registered trademark) frames or wireless layer frames (step S55).

Next, if the amount of time from when the sending device 2 sent the device ID request packet until it received the device ID response packet is within a prescribed amount of time T, the sending device 2 registers the device ID (=b) of the receiving device 3 in the ID managing unit 14. If the response is not received within the prescribed amount of time T, the device ID is not registered (step S56).

Next, the receiving device 3 uses the same steps to execute registration processing with respect to the device ID of the sending device 2 (steps S57 to S60). Thereafter, the processing steps are the same as steps S21 to S32 of FIG. 6.

When either one of the devices, i.e., the sending device 2 or the receiving device 3, has already completed the device ID registration procedure, the steps S52 to S56 or the steps S57 to S60 of FIG. 8 can be omitted.

Thus, the second embodiment eliminates unnecessary requests and responses for device IDs because the device ID requests are issued after the request for authentication and key exchange. As a result, communication traffic can be reduced.

(Third Embodiment)

The third embodiment is different from the first and second embodiments in that it is configured such that AV data can only be transmitted between a sending device and a receiving device in which an ID sent from the same short-distance wireless device is registered.

FIG. 9 is a block diagram showing an information communication system in accordance with the third embodiment of the present invention. In addition to the features shown in FIG. 1, the information communication system shown in FIG. 9 is provided with a short-distance wireless device 4 that includes an infrared remote controller (hereinafter called “remote control”) and a wireless tag.

The sending device 2 a and the receiving device 3 a of this embodiment both communicate wirelessly with the short-distance wireless device 4 and register the globally unique ID (hereinafter called “short-distance ID”) sent from the short-distance wireless device 4. AV data (or its copyright protection key exchange) is only allowed to be transmitted between a sending device 2 a and a receiving device 3 a that have this short-distance ID registered therein. More specifically, if the ID is not registered in the sending device 2 a and receiving device 3 a, authentication and key exchange (or exchange of content) will not succeed between the sending device 2 a and receiving device 3 a.

The short-distance wireless device 4 holds the short-distance ID and sends the ID to both the sending device 2 a and the receiving device 3 a using short-distance wireless communication only. The “short-distance” mentioned here is, for example, the range (e.g., several meters) that can be reached by the infrared rays in the case of an infrared device or the range (e.g., several centimeters) that can be reached by the radio waves in the case of a wireless tag device.

FIG. 10 is a block diagram showing an example of the sending device 2 a shown in FIG. 9. Components in FIG. 10 that are the same as in FIG. 2 are indicated with identical reference symbols and only the differences will be discussed below.

Similarly to FIG. 2, the sending device 2 a of FIG. 10 is provided with a network interface unit 11, a communication processing unit 12, a DTCP device ID recording unit 13, an ID managing unit 14, a DTCP authentication and key exchange processing unit 17, an encryption processing unit 18, a packet processing unit 19, and a content supplying unit 20. Additionally, the sending device 2 a of FIG. 10 is provided with the following: a short-distance wireless interface unit 41 for short-distance wireless communication; a short-distance authentication and key exchange processing unit 42 configured to execute authentication and key exchange between the sending device 2 a and the short-distance wireless device 4; a short-distance ID managing unit 43 configured to register the short-distance ID acquired by means of short-distance wireless communication; an ID registration processing unit 44 configured to control the registration of the short-distance ID to the short-distance ID managing unit 43; a registration completed notification processing unit 45 configured to notify the user that the registration of a short-distance ID has been completed; and a power supply control unit 46 configured to supply a power supply voltage to the short-distance wireless interface unit 41 and peripheral units thereof only during registration of a short-distance ID.

For security reasons, it is also acceptable to provide the short-distance ID managing unit 43 and the ID registration processing unit 44, respectively, with encryption communication processing units 43 a, 44 a configured to encrypt the short-distance ID. This arrangement eliminates the risk of the short-distance ID being illicitly acquired from the data bus between the short-distance ID managing unit 43 and the ID registration processing unit 44. More specifically, the data transfer between the ID registration processing unit 44 and the short-distance ID managing unit 43 takes place through a general-purpose data bus in a case in which all of the following conditions exist: the short-distance wireless interface unit 41, the short-distance wireless authentication and key exchange processing unit 42, and the ID registration processing unit 44 are modularized into, for example, infrared modules or wireless tag modules; the modules are connected to a PCI bus or other general-purpose data bus; and the short-distance ID managing unit 43 and the DTCP authentication and key exchange processing unit 17 operate using software located in an MPU. Consequently, if the short-distance ID is not encrypted, it can be intercepted illicitly on the general-purpose data bus and used for such purposes as to make illegal copies.

Therefore, it is preferred to provide encryption communication processing units 43 a and 44 a in the short-distance ID managing unit 43 and the ID registration processing unit 44, respectively, and to encrypt data such as the short-distance ID before transmitting it. The encryption communication processing units 43 a, 44 a can be constituted with hardware or they can be configured to accomplish the encryption of the IDs using software by preparing an API for encrypting with software.

It is also acceptable to provide the encryption communication processing units 43 a, 44 a with internal functions for measuring if the communications between the encryption communication processing units 43 a, 44 a are taking place within a prescribed amount of time. This function is provided in order to check if the physical distance between the short-distance ID managing unit 43 and the ID registration processing unit 44 is within a prescribed distance (e.g., if the physical distance between the short-distance ID managing unit 43 and the ID registration processing unit 44 within the same case is within a prescribed distance or if the physical distance between the short-distance ID managing unit 43 and an externally attached part, such as a USB dongle, constituting the short-distance wireless processing unit is within a prescribed distance).

The externally attached part mentioned here includes, for example, the short-distance wireless interface unit 41, the short-distance authentication and key exchange processing unit 42, and the ID registration processing unit 44. Without this time measuring (distance measuring) function, it is feasible that someone could attack the system by arranging an externally attached part in a remote location, connecting the short-distance ID managing unit 43 and the externally attached part together through the internet or other public network (wide area network), and registering a device remotely. Said function has the effect of preventing such an attack.

It is possible that the functions related to short-distance wireless communication (e.g., the short-distance wireless interface unit 41, the short-distance authentication and key exchange processing unit 42, and the ID registration processing unit 44) will be functions that are not used except when registering a short-distance ID. Therefore, electric power can be conserved by configuring the system such that power is not supplied to these functions except when a short-distance ID is being registered. This control of the power supply is executed by the power supply control unit 46. The power supply control unit 46 detects when a user presses the short-distance ID registration button and controls the power supply accordingly.

The short-distance wireless ID is an identification number for the short-distance wireless device 4 and it is acceptable for it to be an identification number that is issued by the same licensing institution as the DTCP or DTLA (the license organization of DTCP) and assigned a value that is unique throughout the world. Similarly to the DTCP device ID, it is also acceptable for the short-distance wireless ID to be an ID embedded in a certificate (called a “device certificate”) that proves the device is a properly licensed device. The device certificate includes digital signatures and the like that can be verified to confirm that the device certificate is the correct certificate.

FIG. 11 is a block diagram showing an example of the receiving device 3 a. Components in FIG. 11 that are the same as in FIG. 4 are indicated with identical reference symbols and only the differences will be discussed below.

Similarly to FIG. 4, the receiving device 3 a of FIG. 11 is provided with a network interface unit 21, a communication processing unit 22, a DTCP device ID recording unit 23, an ID managing unit 14, a DTCP authentication and key exchange processing unit 27, an encryption processing unit 28, a packet processing unit 29, and a content supplying unit 30. Additionally, the receiving device 3 a of FIG. 11 is provided with the following: a short-distance wireless interface unit 51 for short-distance wireless communication; a short-distance authentication and key exchange processing unit 52 configured to execute authentication and key exchange between the receiving device 3 a and the short-distance wireless device 4; a short-distance ID managing unit 53 configured to register the short-distance ID acquired by means of short-distance wireless communication; an ID registration processing unit 54 configured to control the registration of the short-distance ID to the short-distance ID managing unit 53; a registration completed notification processing unit 55 configured to notify the user that the registration of a short-distance ID has been completed; and a power supply control unit 56 configured to operate (i.e., turn on the power to) the short-distance wireless interface unit and peripheral units thereof only during registration of a short-distance ID.

FIG. 12 shows the data structure of the short-distance ID managing units 43, 53 inside the sending device 2 a and receiving device 3 a. The values of the short-distance IDs are registered in the short-distance ID managing unit 43, 53 as mandatory items. Other values, such as the RTT (round trip time), the DTCP device ID, and the date and time of registration corresponding to each short-distance ID are recorded as optional items.

FIG. 13 is a block diagram showing an example of the internal features of the short-distance wireless device 4 when the short-distance wireless device 4 is an infrared remote control device. The infrared remote control device of FIG. 13 is provided with the following: an infrared communication interface unit 61; an AV device initialization processing unit 62 for initializing the AV device; an AV device control processing unit 63 for controlling the AV device; a short-distance ID recording unit 64 configured to record the short-distance ID of the infrared device; an ID registration processing unit 65 configured to control registration of the ID to the short-distance ID recording unit 64; a registration counter 66 configured to measure the number of times recording of the short-distance ID to the short-distance ID recording unit 64 takes place; a short-distance wireless authentication and key exchange processing unit 67 configured to execute authentication and key exchange between the short-distance wireless device 4 and the sending device 2 a, or between the short-distance wireless device 4 and the receiving device 3 a; and a user interface unit 68.

It is acceptable for the infrared communication interface unit 61 to be provided with a two-way infrared interface unit for short-distance ID registration 61 a and a one-way infrared interface unit for AV device control. While the infrared remote control interface for controlling an AV device is generally a one-way interface, the infrared interface for registering the short-distance ID of this embodiment is a two-way interface, as described later. In order to accomplish these two functions, it is necessary to provide the infrared communication interface unit 61 with two infrared interfaces 61 a, 61 b. These two infrared interfaces can be constituted with two or more separate components or sealed inside one individual component. The two-way infrared interface 61 a for short-distance ID registration is connected to the short-distance wireless authentication and key exchange processing unit 67 and the AV device initialization processing unit 62. Meanwhile, the one-way infrared interface 61 b for AV device control is connected to the AV device control processing unit 63. It is acceptable for these two infrared interfaces 61 a, 61 b to use different infrared frequencies, command systems, and packet formats.

Meanwhile, FIG. 14 is a block diagram showing an example of the internal features of the short-distance wireless device 4 when the short-distance wireless device 4 is a wireless tag device. The wireless tag device of FIG. 14 is provided with the following: a wireless tag communication interface unit 70; an AV device initialization processing unit 71; a short-distance wireless authentication and key exchange processing unit 72; an ID registration processing unit 73; a registration counter 74; a short-distance ID recording unit 75; and a user interface unit 76.

The wireless tag device does not require a battery, and is therefore economical, because it sends its wireless signal using electric power generated from received radio waves. Although omitted in FIG. 14, a capacitor for storing electric power generated from received radio waves is provided inside the wireless tag device.

FIG. 15 is a sequence diagram showing the processing steps for registering a short-distance ID to the sending device 2 a and the receiving device 3 a. The processing steps for registering a short-distance ID will now be described based on FIG. 15. In order to send the short-distance ID from the short-distance wireless device 4 to the sending device 2 a (or the receiving device 3 a), the user depresses the button 68 a of the short-distance wireless device 4 shown in FIG. 13 to put the short-distance wireless device 4 into registration mode (step S71). Then the user depresses the button of the sending device 2 a (or receiving device 3 a) to which the short-distance ID is to be sent and points the short-distance wireless device 4 toward the sending device 2 a (or receiving device 3 a). This procedure puts the sending device 2 a (or receiving device 3 a) into registration mode (step S72).

It is acceptable for the sending device 2 a (or receiving device 3 a) to be configured such that, when the device enters registration mode, the power supply control unit 46 (or 56) delivers electric power to the short-distance wireless interface unit 41 (or 51) and the peripheral units thereof.

Thus, with this embodiment, the possibility of sending AV data over the internet or the like from a sending device 2 a to a receiving device 3 a in a distant location is eliminated because it is necessary for the user to depress buttons on both the sending device 2 a and the receiving device 3 a and then register the short-distance ID using the same short-distance wireless device 4.

Next, the user points the short-distance wireless device 4 at the sending device 2 a (or receiving device 3 a) or brings the short-distance wireless device 4 close to the sending device 2 a (or receiving device 3 a) and depresses the short-distance ID registration button (step S73). This action causes authentication and key exchange to take place between the short-distance wireless device 4 and the sending device 2 a (or receiving device 3 a) and each device confirms that the other is a device that has been recognized by a proper licensing institution (step S74). If necessary, public keys or other keys are exchanged. The key exchange procedure is discussed later.

Next, the short-distance wireless device 4 determines if the value of the registration counter, which measures the number of times the short-distance ID has been sent to a sending device 2 a (or receiving device 3 a) and registered, is larger than zero (step S75). If the value of the registration counter is larger than zero, the number of previous registrations is smaller than a prescribed number and the short-distance ID is sent to the sending device 2 a (or receiving device 3 a) (step S76). If the value of the registration counter is zero, the prescribed number of registrations has already been performed and transmission of the short-distance ID is stopped.

It is acceptable that the short-distance ID is sent from the same wireless device 4 to the same sending device 2 a (or receiving device 3 a) more than two times.

After the short-distance wireless device 4 sends the short-distance ID to the sending device 2 a (or receiving device 3 a), it decrements the registration counter by 1 (step S77).

The sending device 2 a (or receiving device 3 a) receives the short-distance ID and transmits the short-distance ID to the short-distance ID managing unit 43, 53 (step S78). As described previously, in order to prevent unlawful acquisition of the short-distance ID during transmission, the short-distance ID can be, for example, encrypted or provided with a signature so that it can be determined if the short-distance ID has been altered. It is also acceptable to measure if the transmission to the short-distance ID managing unit 43, 53 is accomplished within a prescribed amount of time.

Next, it is determined if the number of short-distance IDs registered in the short-distance ID managing unit 43, 53 is below a prescribed number N (step S79). If the number of short-distance IDs is below the prescribed number, the short-distance ID is registered. If the number of short-distance IDs is already the prescribed number N, it is acceptable to register the new short-distance ID after deleting the short-distance ID that was registered the longest ago or another short-distance ID as described previously.

After completing the steps just described, registration mode ends for the short-distance wireless device 4 and the sending device 2 a (or receiving device 3 a) and the user is notified that registration mode has ended by a beep sound or an indication presented on a display (steps S80 to S83).

The sending device 2 a and the receiving device 3 a register the short-distance ID in their respective short-distance ID managing units 43, 53. A predetermined number N of IDs can be registered in the short-distance ID managing units 43, 53. The value of N can be selected to be 1 or some other value, such as 2, 4, 8, or 16. Although it is feasible to configure the system such that when there is a request to register a new short-distance ID and the maximum number N of short-distance IDs has already been registered, the new short-distance ID is registered after taking such a measure as deleting the short-distance ID that was registered the longest ago, the basic idea is to deny any registrations of new IDs beyond the prescribed number N.
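The two limits described in steps S75 to S79 (the registration counter in the short-distance wireless device and the N-entry table in each AV device, with the FIG. 12 fields) can be modelled as below. This is an added sketch, not code from the patent: the class names, status strings, the RTT limit value and the sample IDs "BB" and "CC" are assumptions, and the RTT gate is the optional check the text describes for the ID registration processing units.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Entry:
    """One row of the short-distance ID managing unit (FIG. 12)."""
    short_distance_id: str                  # mandatory item
    rtt_ms: Optional[float] = None          # optional items
    dtcp_device_id: Optional[str] = None
    registered_at: Optional[float] = None


class ShortDistanceDevice:
    """Remote control or wireless tag holding the ID and a registration counter."""
    def __init__(self, short_distance_id, registrations_allowed):
        self.short_distance_id = short_distance_id
        self.counter = registrations_allowed

    def send_id(self):
        if self.counter <= 0:               # S75: counter is zero, stop sending
            return None
        sid = self.short_distance_id        # S76: send the short-distance ID
        self.counter -= 1                   # S77: decrement after sending
        return sid


class ShortDistanceIdTable:
    """Short-distance ID managing unit of a sending or receiving device."""
    def __init__(self, max_ids, rtt_limit_ms=5.0, evict_oldest=False):
        if max_ids < 1:
            raise ValueError("N must be at least 1")
        self.max_ids = max_ids              # prescribed number N
        self.rtt_limit_ms = rtt_limit_ms    # assumed threshold
        self.evict_oldest = evict_oldest    # False = deny beyond N (basic idea)
        self.entries: Dict[str, Entry] = {}

    def register(self, sid, now, rtt_ms, dtcp_device_id=None):
        if sid is None:
            return "nothing-received"
        if rtt_ms >= self.rtt_limit_ms:     # RTT not less than the limit
            return "rtt-too-long"
        is_new = sid not in self.entries
        if is_new and len(self.entries) >= self.max_ids:    # S79
            if not self.evict_oldest:
                return "table-full"
            oldest = min(self.entries.values(), key=lambda e: e.registered_at)
            del self.entries[oldest.short_distance_id]
        # Re-sending an already registered ID refreshes its row (assumed policy).
        self.entries[sid] = Entry(sid, rtt_ms, dtcp_device_id, now)
        return "registered"

    def is_registered(self, sid):
        return sid in self.entries


def demo():
    """Constructed walk-through: one remote, counter of 2, tables with N = 1."""
    remote = ShortDistanceDevice("AA", registrations_allowed=2)
    sender = ShortDistanceIdTable(max_ids=1)
    receiver = ShortDistanceIdTable(max_ids=1)
    out = {
        "sender": sender.register(remote.send_id(), now=100.0, rtt_ms=1.2),
        "receiver": receiver.register(remote.send_id(), now=130.0, rtt_ms=1.4),
        # Counter is now zero, so a third device receives nothing.
        "third_device": ShortDistanceIdTable(max_ids=1).register(
            remote.send_id(), now=160.0, rtt_ms=1.1),
        # A second remote's ID is denied because N = 1 is already used.
        "second_remote": sender.register("BB", now=200.0, rtt_ms=1.0),
        "slow_link": ShortDistanceIdTable(max_ids=4).register(
            "CC", now=300.0, rtt_ms=48.0),
    }
    rotating = ShortDistanceIdTable(max_ids=1, evict_oldest=True)
    rotating.register("AA", now=100.0, rtt_ms=1.2)
    out["rotation"] = rotating.register("BB", now=200.0, rtt_ms=1.0)
    out["aa_after_rotation"] = rotating.is_registered("AA")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With the evict-oldest variant a device can be re-paired to a new remote indefinitely, so the counter in the remote becomes the only cap on how many devices share one ID.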

The registration processing of the short-distance ID managing units 43, 53 is executed separately by the sending device 2 a and the receiving device 3 a, respectively. In other words, the sending device 2 a and the receiving device 3 a each execute the short-distance ID registration using the same short-distance wireless device 4. It is preferable that it be possible to confirm that the sending device 2 a and the receiving device 3 a are close to each other when the registrations are performed. Otherwise, it will be possible for the short-distance ID to be registered using the same short-distance wireless device 4 at different times and locations with respect to the sending device 2 a and the receiving device 3 a, respectively (for example, the ID could be registered to the sending device 2 a in Tokyo and to the receiving device 3 a in Osaka). As a result, it would be possible to accomplish remote communication between arbitrary remote locations.

Thus, it is acceptable to provide a measuring unit 69 inside the short-distance wireless device 4 as shown in FIG. 13 so that the registration tasks executed by the sending device 2 a and the receiving device 3 a are disallowed if they are not executed in succession and completed within several minutes.

Another option is to provide a GPS (global positioning system) inside the short-distance wireless device 4 and disallow registration of the short-distance ID when it can be estimated that the distance between the sending device 2 a and the receiving device 3 a is greater than a prescribed distance.

Still another option is to provide RTT measuring units 47, 57 for measuring the RTT (round trip time) in the ID registration processing units 44, 54 of the sending device 2 a and the receiving device 3 a as shown in FIGS. 10 and 11, use said measuring units 47, 57 to measure if the time required (RTT) for the data transaction with the remote control device or the wireless tag device is less than a prescribed amount of time, and disallow registration of the short-distance ID if the RTT is not less than the prescribed amount of time. The RTT measuring units 47, 57 are configured to, for example, send a prescribed packet to the short-distance wireless device 4 and measure the round trip time required for a response packet to come back. The distance to the short-distance wireless device 4 can be estimated based on the RTT measurement result.

Still another option is to provide measuring units in each of the ID registration processing units 44, 54 of the sending device 2 a and the receiving device 3 a, respectively, and check if the data transaction with the remote control device or the wireless tag device is completed within a prescribed amount of time (RTT). If not, registration of the short-distance ID is disallowed.

FIG. 16 is a sequence diagram of the authentication and key exchange processing and the send processing for registration of the short-distance ID. First, the short-distance wireless device 4 sends a trigger to the sending device 2 a (or receiving device 3 a) requesting that registration processing start (step S111). Then, the ID registration processing unit 44 (or 54) of the sending device 2 a (or receiving device 3 a) starts a timer inside the RTT measuring unit 47 (or 57) (step S112) and sends a command for measuring the round trip time (RTT) to the short-distance wireless device 4 (step S113). It is acceptable for a random value An selected by the short-distance wireless device 4 to be transmitted along with the command. Upon receiving the command, the short-distance wireless device 4 immediately sends a reply to the sending device 2 a (or receiving device 3 a) (step S114). It is acceptable for a random value Bn selected by the sending device 2 a (or remote control device (short-distance wireless device 4)) to be transmitted along with the reply.

Upon receiving the reply, the sending device 2 a (or receiving device 3 a) uses the timer inside the RTT measuring unit 47 (or 57) to measure the RTT (step S115). If the measured value is less than a predetermined value (e.g., several milliseconds), the distance between the short-distance wireless device 4 and the sending device 2 a (or receiving device 3 a) is recognized to be smaller than a prescribed distance and the subsequent authentication and key exchange processing for calculating or sharing the content key used to encrypt the AV data is allowed. If the RTT is equal to or greater than the predetermined time value, the distance between the short-distance wireless device 4 and the sending device 2 a (or receiving device 3 a) is recognized to be equal to or larger than the prescribed distance (i.e., there is the possibility that the devices are arranged remotely from each other and are communicating through a public network) and the subsequent authentication and key exchange processing for calculating or sharing the content key used to encrypt the AV data is disallowed. The measurement of the RTT is accomplished using a sequence in which encryption computations and hashing computations do not occur. Consequently, the measurement is advantageous in that an RTT value close to the true value can be measured without taking into consideration the time required for encryption and hashing computations.

Although in this embodiment the sending device 2 a (or receiving device 3 a) conducts the RTT measurement, it is also acceptable to reverse the direction of the sequence so that the short-distance wireless device 4 measures the RTT. It is also feasible to use a sequence in which both the sending device 2 a (or receiving device 3 a) and the short-distance wireless device 4 measure the RTT.

Next, the short-distance wireless device 4 and the sending device 2 a (or receiving device 3 a) begin the authentication and key exchange processing. In this embodiment, the processing is accomplished using extended (enhanced) restricted authentication, which has already been standardized in DTCP standards. More specifically, the sending device 2 a (or receiving device 3 a) sends a key selection vector Aksv to the short-distance wireless device 4 (step S116) and the short-distance wireless device 4 sends its device certificate (Bcert) and a key selection vector (Bksv) to the sending device 2 a (or receiving device 3 a) (step S117). Then the two devices calculate the value of R and R′ by following predetermined computational operations (steps S118 and S119).

In the computations, SHA-1 is a predetermined hash function. The value of R computed by the short-distance wireless device 4 is sent to the sending device 2 a (or receiving device 3 a) (step S120).

The sending device 2 a (or receiving device 3 a) compares the value of R′ that it calculated to the value of R that was sent from the short-distance wireless device 4 (step S121). If the values match, the authentication and key exchange is deemed a success and the authentication key Kauth is computed (steps S122 and S123). Since the sending device 2 a (or receiving device 3 a) can hold the same authentication key value Kauth, the short-distance wireless device 4 sends the short-distance ID value (AA) to the sending device 2 a (or receiving device 3 a) using that value Kauth as a key (step S124). Feasible methods include, for example, using the XOR of the short-distance ID and the value of Kauth and sending the result of an encryption computation that uses the value of Kauth as a key.

Since the extended restricted authentication of DTCP is provided with a mechanism to revoke a device, it is possible for the sending device 2 a (or receiving device 3 a) to deny (revoke) transactions from a particular short-distance wireless device 4.

See the DTCP standards listed at http://www.dtcp.com for details regarding the extended restricted authentication procedure of DTCP.

FIG. 17 is a sequence diagram showing the processing steps for transmitting AV data between the sending device 2 a and the receiving device 3 a. In this embodiment, it is assumed that the same short-distance ID (=AA) is registered in the short-distance ID managing units 43, 53 of both the sending device 2 a (which is assumed to have device ID=a) and the receiving device 3 a (which is assumed to have device ID=b), respectively.

The receiving device 3 a requests the sending device 2 a for authentication and key exchange by sending notification of its own device ID (=b) and the short-distance ID (=AA) (step S91).

Upon receiving the request, the sending device 2 a confirms that the short-distance ID AA is registered in its short-distance ID managing unit (step S92) and requests the receiving device 3 a for authentication and key exchange by sending notification of its own device ID (=a) and the short-distance ID (=AA) (step S93).

Upon receiving this request, the receiving device 3 a confirms that the short-distance ID AA is registered in its short-distance ID managing unit (step S94), and authentication and key exchange is executed between the sending device 2 a and the receiving device 3 a.

If the authentication and key exchange succeeds, the sending device 2 a and receiving device 3 a will share a common content encryption key (steps S96 and S97). The sending device 2 a uses this key to encrypt the AV data (step S98) and sends the encrypted AV data to the receiving device 3 a (step S99). The receiving device 3 a uses the content encryption key to decrypt the received AV data (step S100).

It is also feasible to use a method in which the short-distance ID is used as an input to the computation of the content encryption key.

FIG. 18 is a sequence diagram showing the processing steps for a case in which the short-distance ID (=AA) sent from the receiving device 3 a in the previously described step S91 is not registered in the short-distance ID managing unit 43 of the sending device 2 a. The sending device 2 a confirms that the short-distance ID (=AA) is not registered in the short-distance ID managing unit 43 and urges the user to register the short-distance ID using a beep sound or the like (step S101).

FIG. 19 is a sequence diagram showing another example of the processing steps for transmitting AV data between the sending device 2 a and the receiving device 3 a. In this example, the processing up to the step where the content encryption key is shared by the sending device 2 a and the receiving device 3 a (steps S131 to S134) is the same as the DTCP authentication and key exchange processing shown in FIG. 17. Then, one or both of the devices confirms the value of the short-distance ID. Since there are no changes to the DTCP authentication and key exchange procedure, this arrangement has the merit that the conventional commands can be used as is by merely preparing additional commands for executing the short-distance ID transactions.

In this embodiment, the short-distance ID confirmation is carried out at the beginning of the AKE (authentication and key exchange) protocol processing. It is also acceptable for the short-distance ID confirmation to be carried out before the AKE protocol processing, during the AKE protocol processing, or at the end of the AKE protocol processing.

(Fourth Embodiment)

In the third embodiment, the ID registration was accomplished using a short-distance wireless device. In the fourth embodiment, instead of a short-distance wireless device, an IC card (contact-type IC card), memory card, or other detachable storage device is used to accomplish the ID registration. In this explanation, an IC card refers to, for example, a plastic card having a built-in IC and the size of a credit card or a stamp. A memory card refers to, for example, a PCMCIA memory card or a memory card of the type represented by SD cards and memory sticks. The memory card is not limited to having a card-like shape and can be any memory device capable of being attached and detached, such as a USB key.

FIG. 20 is a block diagram showing an information communication system in accordance with the fourth embodiment of the present invention. FIG. 21 is a block diagram showing an example of the internal features of the sending device 2 b indicated in FIG. 20 and FIG. 22 is a block diagram showing an example of the internal features of the receiving device 3 b shown in FIG. 20. The difference with respect to the third embodiment is that instead of registering the ID using a short-distance wireless device, such as an infrared remote control or a wireless tag, the ID is registered using an IC card or a memory card (hereinafter referred to collectively as “IC card”) 5.

The sending device 2 b and receiving device 3 b of this embodiment are different from the sending device 2 a and receiving device 3 a of the third embodiment in that they are each provided with an IC card interface unit 31, 32 and an IC card authentication and key exchange processing unit 33, 34 (FIGS. 21 and 22) instead of a short-distance wireless interface and a short-distance wireless authentication and key exchange processing unit.

The sending device 2 b and the receiving device 3 b each communicate with the IC card 5 through their respective IC card interface units 31, 32 and register the globally unique ID (short-distance ID) transmitted from the IC card 5. The feature that AV data can only be transmitted between a sending device 2 b and a receiving device 3 b in which the same short-distance ID has been registered is the same as the third embodiment.

Each IC card has a short-distance ID. The IC card is set into an IC card throttle (IC card interface unit) of the sending device 2 b or receiving device 3 b and the short-distance ID is transmitted. Since the ID transmission cannot take place unless the IC card physically exists in the interface unit, remote registration is believed to be impossible.

FIG. 23 is a block diagram showing an example of the internal features of an IC card. The IC card shown in FIG. 23 is provided with the following: an IC card interface unit 81; an AV device initialization processing unit 82 for initializing the AV device; a short-distance ID recording unit 83 configured to record the short-distance ID of the IC card; an ID registration processing unit 84 configured to control the registration of IDs to the short-distance ID recording unit 83; a registration counter 85 configured to measure the number of times recording of the short-distance ID to the short-distance ID recording unit 83 takes place; and a short-distance wireless authentication and key exchange processing unit 86 configured to execute authentication and key exchange between the sending device 2 b and the receiving device 3 b.

It is acceptable for the short-distance ID confirmation to be carried out before the AKE protocol processing, during the AKE protocol processing, or at the end of the AKE protocol processing.

It is acceptable for the IC card shown in FIG. 23 to include other functions, such as a memory card function. In such a case, the IC card will be provided with a memory unit and functions for executing other functions.

The short-distance ID registration processing steps, registration sequence, and internal operations of the fourth embodiment are the same as in the third embodiment and the operational effects achieved are the same as with the third embodiment.

(Fifth Embodiment)

In the fourth embodiment, the registration of the IDs is accomplished using an ID card or a memory card. Some digital AV devices are provided with an ID card interface unit and configured such that they cannot be used as an AV device unless the ID card is inserted. One example of such a device is the B-CAS card widely used in Japan for digital broadcasting. The card is provided with a function for receiving scrambled content from a digital broadcast and descrambling and outputting the content and a function for using an internal ID number (different from the short-distance ID) to confirm the receiver.

Since all digital broadcast devices are provided with such an IC card interface unit, it would be a convenient arrangement to use the IC card interface both for the aforementioned ID card and for an IC card configured to write a short-distance ID in accordance with the embodiment of the present invention. This embodiment is contrived to realize such an arrangement.

FIG. 24 is a block diagram showing an information communication system in accordance with the fifth embodiment of the present invention. FIG. 25 is a block diagram showing an example of the internal features of the receiving device 3 c indicated in FIG. 24. The information communication system shown in FIG. 24 is generally the same as the information communication system shown in FIG. 20 except that instead of using an ID card (or memory card), the information communication system shown in FIG. 24 uses a B-CAS card.

The information communication system shown in FIG. 24 is provided with a sending device 2 c, a receiving device 3 c, and a B-CAS card 6 that can be inserted into the sending device 2 c and the receiving device 3 c.

In this embodiment, the receiving device 3 c is a device (e.g., a display) equipped with a digital broadcast receiving function.

As shown in FIG. 25, the receiving device 3 c has a B-CAS card interface unit 35 and a B-CAS card authentication/key exchange processing unit 36. It is also acceptable for the sending device 2 c to have a B-CAS card interface unit and a B-CAS card authentication/key exchange processing unit.

The B-CAS card interface unit 35 has the distance required for registering the short-distance ID and is provided with the characteristic functions of B-CAS cards described previously (e.g., scramble processing and receiver confirmation functions).

FIG. 26 is a block diagram showing an example of the internal features of a B-CAS card 6. The B-CAS card shown in FIG. 26 is provided with a B-CAS card interface unit 91, a B-CAS processing unit 92, an AV device initialization processing unit 93, a short-distance wireless authentication and key exchange processing unit 94, an ID registration processing unit 95, a registration counter 96, and a short-distance ID recording unit 97.

The B-CAS card 6 differs from the ID card described in the fourth embodiment in that it is provided with a B-CAS card interface 91 and a B-CAS processing unit 92 for realizing the characteristic functions of B-CAS cards (e.g., scramble processing and receiver confirmation functions).

The short-distance ID registration processing steps, registration sequence, and internal operations of the fifth embodiment are the same as in the third and fourth embodiments.

In the third to fifth embodiments, AV data can be sent from the sending device 2 to the receiving device 3 only when the same short-distance wireless device 4 has registered the short-distance ID to both the sending device 2 and the receiving device 3. Thus, an arrangement can be achieved in which AV data is allowed to be transmitted only to specific sending devices 2 and receiving devices 3 and the copyrights of the AV data can be reliably protected.

By restricting the number of times the short-distance ID can be registered from the short-distance wireless device 4 to the sending device 2 (or receiving device 3), the illicit acquisition of AV data by means of the illicit use of the short-distance wireless device 4 can be prevented.

Additionally, by setting the time interval during which the short-distance ID must be registered to the sending device 2 and the receiving device 3 to a prescribed amount of time, registration of the short-distance ID to a sending device 2 or receiving device 3 positioned in a remote location can be prevented.

Since the short-distance ID cannot be registered unless the user is close to the sending device 2 (or receiving device 3) and performs such tasks as operating a button when sending the short-distance ID from the short-distance wireless device 4 to the sending device 2 (or receiving device 3), an arrangement can be achieved in which the short-distance ID can be registered only to sending devices (or receiving devices 3) that are close to the user.
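
The following Python sketch is an added illustration, not code from the patent. It models the controls summarized above (the registration counter, the registration time window, the refusal of FIG. 18) together with the option of using the short-distance ID as an input to the content encryption key. The limit values, the class and function names, and the use of HMAC-SHA256 as the key derivation are assumptions; the exchange secret is a constructed stand-in for the result of the authentication and key exchange.

```python
import hashlib
import hmac

MAX_REGISTRATIONS = 2    # assumed value of the ID sender's registration counter
WINDOW_SECONDS = 60.0    # assumed window in which both devices must be registered
MAX_IDS_PER_DEVICE = 4   # assumed cap on different IDs one device will hold


class Device:
    """Sending or receiving device with its short-distance ID managing unit."""

    def __init__(self, name):
        self.name = name
        self.registered = set()

    def accept_id(self, short_id):
        is_new = short_id not in self.registered
        if is_new and len(self.registered) >= MAX_IDS_PER_DEVICE:
            return False
        self.registered.add(short_id)
        return True


class IdSender:
    """Remote control, wireless tag or IC card holding one unique short-distance ID."""

    def __init__(self, short_id):
        self.short_id = short_id
        self.remaining = MAX_REGISTRATIONS
        self.first_use = None

    def register_to(self, device, now):
        if self.remaining <= 0:
            return False                      # registration counter exhausted
        if self.first_use is not None and now - self.first_use > WINDOW_SECONDS:
            return False                      # second device not registered in time
        if not device.accept_id(self.short_id):
            return False
        if self.first_use is None:
            self.first_use = now
        self.remaining -= 1
        return True


def derive_content_key(exchange_secret, short_id):
    """Mix the short-distance ID into the key (HMAC-SHA256 is an assumed KDF)."""
    return hmac.new(exchange_secret, b"content-key|" + short_id, hashlib.sha256).digest()


def sender_gate(sender, claimed_id, exchange_secret):
    """Sender side: refuse unless the ID presented by the receiver is registered."""
    if claimed_id not in sender.registered:
        return None                           # FIG. 18 case: prompt the user to register
    return derive_content_key(exchange_secret, claimed_id)


def demo():
    secret = bytes(range(32))                 # constructed stand-in for the AKE result
    card = IdSender(b"AA")
    tv, recorder, remote_pc, late_box = (Device(n) for n in ("tv", "rec", "pc", "box"))
    results = {
        "sender_registered": card.register_to(recorder, now=0.0),
        "receiver_registered": card.register_to(tv, now=20.0),
        "third_device": card.register_to(remote_pc, now=30.0),   # counter is at 0
    }
    slow_card = IdSender(b"BB")
    slow_card.register_to(recorder, now=0.0)
    results["after_window"] = slow_card.register_to(late_box, now=3600.0)
    key = sender_gate(recorder, b"AA", secret)
    results["same_id_keys_match"] = hmac.compare_digest(key, derive_content_key(secret, b"AA"))
    results["unregistered_id"] = sender_gate(recorder, b"CC", secret)
    # If the explicit check were bypassed, a device holding another ID still gets another key.
    results["other_id_key_differs"] = key != derive_content_key(secret, b"BB")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Deriving the key from the ID only adds protection if the short-distance ID is not disclosed on the network; a device that learns the ID value could compute the same key.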

Although all of the previously described embodiments concern the transmission of AV data that requires copyright protection, the present invention can also be applied to the transmission of various other types of content (electronic data) that require copyright protection.

The internal features of the sending devices 2, 2 a, 2 b, 2 c and receiving devices 3, 3 a, 3 b, 3 c described in FIG. 2 and other figures are merely examples. It is also acceptable for the previously described sending devices to be provided with the functions of a receiving device and/or for the receiving device to be provided with the functions of a sending device.

A transmission control program in accordance with the embodiment of the present invention is a computer program created to achieve the previously described processing and stored in a memory device provided in an information communication device or an information communication system. A processing unit provided in the information communication device or information communication system can read the computer program from the memory device and execute it to accomplish the previously described information communication processing.

As described in detail heretofore, an information communication device in accordance with the present invention does not register the device identification information of another communication device unless the other communication device is connected to a network having a limited range. Consequently, it is possible to limit the transmission destinations to which electronic data can be sent and to provide reliable copyright protection for the electronic data.

The invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The present embodiment is therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.

1. An information communication device for transmitting electronic data encrypted for the purpose of copyright protection, the device comprising: an identification information managing unit configured to hold device identification information in connection with other information communication devices acquired through a network; an ID registration processing unit configured to register the device identification information of another communication device when the other communication device satisfies a predetermined distance condition or when common identification information that is held by both information communication devices is received from a portable device; and an authentication and key exchange processing unit configured to, for the purpose of copyright protection, complete authentication and key exchange process (AKE process) only when another information communication device whose device identification information is registered in the identification information managing unit.
2. The information communication device as claimed in claim 1, further comprising a measuring unit configured to measure if another information communication device satisfies a predetermined distance condition, wherein the ID registration processing unit is configured to register the device identification information of another information communication device when the measurement result of the measuring unit indicates that the other information communication device satisfies the predetermined distance condition.
3. The information communication device as claimed in claim 2, wherein the measuring unit is configured to determine if the time duration from when a request for sending information is sent to another information communication device until when the information is received from the other information communication device is within a predetermined amount of time; and the ID registration processing unit is configured to register the device identification information of another information communication device when the measuring unit determines that said time duration is within the predetermined amount of time.
4. The information communication device as claimed in claim 1, wherein the ID registration processing unit is configured to issue a registration request to another information communication device and register the device identification information of the other information communication device to the identification information managing unit when the other information is recognized to be connected to a network having a prescribed limited range.
5. The information communication device as claimed in claim 4, further comprising an interface unit connected to a local network, wherein the ID registration processing unit is configured to register the device identification information of the other information communication device to the identification information managing unit when the other information communication device is connected directly to the local network.
6. The information communication device as claimed in claim 4, wherein the ID registration processing unit is configured such that, when the number of device identification information entries registered in the identification information managing unit reaches a predetermined upper limit, further registration of device identification information is denied or a new device identification information entry is registered after deleting the device identification information that was registered the longest ago and/or the device identification information of the registered information communication device with which communication has not been conducted for the longest period of time.
7. The information communication device as claimed in claim 4, further comprising an authentication and key exchange request receiving unit configured to receive authentication and key exchange requests from other information communication devices, wherein the ID registration processing unit is configured to register the device identification information of another information communication device to the identification information managing unit after the authentication and key exchange request receiving unit has received a request for authentication and key exchange.
8. The information communication device as claimed in claim 4, wherein when the device identification information of another information communication device is registered to the identification information managing unit, the communication, for AKE process and/or RTT measuring process, with the other information communication device is accomplished using data link layer frames or physical layer frames.
9. The information communication device as claimed in claim 8, the authentication and key exchange executed by the authentication and key exchange processing unit is accomplished using IP (internet protocol) packets.
10. An information communication system for transmitting electronic data encrypted for the purpose of copyright protection, the system comprising: a sending device; and a receiving device configured to receive electronic data encrypted for the purpose of copyright protection and sent from the sending device, wherein at least one of the sending device and the receiving device comprises: an identification information managing unit configured to hold device identification information regarding another device acquired through a network; an ID registration processing unit configured to register the device identification information of another device when the other device is recognized to be connected to a network having a prescribed limited range; and an authentication and key exchange processing unit configured to complete AKE process only when another information communication device whose device identification information is registered in the identification information managing unit.
11. A computer program product comprising a computer useable medium having computer program logic recorded thereon for enabling a processor to control transmission of electronic data encrypted for the purpose of copyright protection, the computer program product comprising: a sending procedure that enables the processor to send a request packet to another device with which communication is to be conducted; a receiving procedure that enables the processor to receive a response packet from another device; a determining procedure that enables the processor to determine if another information communication device is connected to a network having a prescribed limited range based on the received device ID response packet; a registration procedure that enables the processor to register the device identification information of another information communication device when it is determined that the other information communication device is connected to a network having a prescribed limited range; and an authentication and key exchange procedure that enables the processor to, for the purpose of copyright protection, complete AKE process only when another information communication device whose device identification information is registered in the registration procedure.
12. An information communication device for transmitting electronic data encrypted for the purpose of copyright protection to another information communication device through a network, the device comprising: a first interface unit that is connected to the network; a second interface unit configured to receive unique identification information sent from an identification information sending device that is capable of communicating with the information communication device; an identification information managing unit configured to hold said unique identification information after it is received; an identification information registration processing unit configured to register said unique identification information to the identification information managing unit and determine if the unique identification information is registered in another device; and a first authentication and key exchange processing unit configured to complete authentication of and key exchange with another information communication device for the purpose of copyright protection when it is determined that the unique identification information is registered in the other information communication device.
13. The information communication device as claimed in claim 12, wherein the second interface unit receives electronic data transmitted through the second interface unit include encrypted data.
14. The information communication device as claimed in claim 12, further comprising: a registration start directive issuing unit configured to issue a directive for starting registration of the unique identification information, the identification information registration processing unit being configured to execute registration processing when the directive has been issued from registration start directive issuing unit.
15. The information communication device as claimed in claim 12, further comprising a power supply control unit configured to deliver power supply voltage to the second interface unit when the identification information registration processing unit is executing registration processing.
16. The information communication device as claimed in claim 12, further comprising: a second authentication and key exchange processing unit configured to execute authentication and key exchange with respect to the identification information sending device through the second interface unit, the identification information registration processing unit configured to execute registration processing with respect to the identification information sending device when the second authentication and key exchange processing unit has successfully completed its authentication and key exchange with respect to the identification information sending device.
17. The information communication device as claimed in claim 16, further comprising: a measuring unit configured to measure the round trip time between sending a specific packet to the identification information sending device and receiving a corresponding response packet from the identification information sending device, the second authentication and key exchange processing unit being configured to complete authentication and exchange processing when the round trip time measured by the measuring device is less than a prescribed amount of time.
18. The information communication device as claimed in claim 17, wherein the identification information registration processing unit starts registration processing after the measuring unit has completed measuring the round trip time.
19. The information communication device as claimed in claim 12, further comprising a registration notifying unit configured to notify a user that the identification information registration processing unit has registered the unique identification information.
20. The information communication device as claimed in claim 12, wherein the identification information registration processing unit further comprises an encryption communication processing unit configured to encrypt the unique identification information received from the second interface unit to register the encrypted unique identification information; and wherein the identification information managing unit further comprises a decryption communication processing unit configured to decrypt the encrypted unique identification information sent from the encryption communication processing unit.
21. The information communication device as claimed in claim 12, wherein the unique identification information is unique to each identification information sending device.
22. The information communication device as claimed in claim 12, wherein the identification information registration processing unit limits the number of different unique identification information entries that can be registered to a predetermined number.
23. An information communication device for sending identification information to first and second information communication devices configured to transmit electronic data encrypted for copyright protection over a network, the information communication device comprising: an identification information holding unit configured to hold unique identification information that is required in order for the first and second information communication devices to transmit the electronic data which are required for copyright protection to complete authentication and key exchange process (AKE process); and a communication unit configured to send the unique identification information to the first and second communication devices.
24. The information communication device as claimed in claim 23, wherein the identification information holding unit limits the number of identification information entries that can be held to a prescribed number.
25. The information communication device as claimed in claim 23, wherein the communication unit is configured to perform wireless communication between the first and second communication devices using infrared rays.
26. The information communication device as claimed in claim 25, further comprising: a one-way infrared communication unit configured to perform one-way infrared communication, wherein the aforementioned communication unit is a two-way infrared communication unit.
27. The information communication device as claimed in claim 23, wherein the communication unit is configured to perform wireless communication between the first and second communication devices using electric power generated from received radio waves.
28. The information communication device as claimed in claim 25, wherein the communication device is configured to perform communication between the using a detachable memory device.
29. A data transmission system, comprising: a sending device connected to a network; a receiving device configured to receive electronic data sent from the sending device through the network, the electronic data having been encrypted for the purpose of copyright protection; wherein at least one of the sending device and the receiving device comprises: a communication unit configured to communicate with an identification information sending device through an interface that is separate from the network and receive unique identification information sent from the identification information sending device; an identification information registering unit configured to register the received unique identification information; an identification information registration determining unit configured to determine if the unique identification information is registered in another communication device; and an authentication and key exchange processing unit configured to complete authentication of and key exchange with another communication device for the purpose of copyright protection only when it is determined that the unique identification information is registered in the other communication device.
30. A computer program product comprising a computer useable medium having a computer program logic recorded thereon for enabling a processor to control the transmission of electronic data between a sending device connected to a network and a receiving device configured to receive electronic data encrypted for the purpose of copyright protection and sent from the sending device through the network, the computer program product comprising: a receiving procedure that enables the processor to communicate with an identification information sending device through an interface that is separate from the network and receive unique identification information sent from the identification information sending device; a registration procedure that enables the processor to register the received unique identification information; a determining procedure that enables the processor to determine if the unique identification information is registered in another communication device; and an authentication and key exchange procedure that enables the processor to complete authentication of and key exchange with another communication device for the purpose of copyright protection only when it is determined that the unique identification information is registered in the other communication device.